1886 matches found
Exploit for PHP External Variable Modification in Juniper Junos
PoC exploit for CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847. This exploit targets Juniper JunOS within SRX and EX Series products, achieving Remote Code Execution RCE by chaining four vulnerabilities. The exploit involves uploading an arbitrary PHP file to a restricted director...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
CVE-2024-32002: Exploiting Git RCE via git clone This repository contains a PoC for exploiting CVE-2024-32002, a vulnerability in Git that allows RCE during a git clone operation. By crafting repositories with submodules in a specific way, an attacker can exploit symlink handling on...
Exploit for CVE-2021-42278
This is a PoC exploit for CVE-2021-42278 and CVE-2021-42287, which are two vulnerabilities in the Windows operating system that allow an attacker to impersonate a Domain Administrator DA from a standard domain user. The exploit uses the Impacket library to interact with the Windows Domain...
Exploit for CVE-2021-42278
This is a Python script for exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate a Domain Administrator DA from a standard domain user. The script uses the Impacket library to interact with the Active Directory. The script has several components: 1. samtheadmin.py: This is the main script...
Exploit for Improper Access Control in Xen
kernel-exploit-factory Keep updating...... Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore. This repository is to extract all Linux kernel exploit and relative debug environment. You can use Qem...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
amalmurali47/hook This repository is part of the PoC for exploiting CVE-2024-32002, a vulnerability in Git that allows RCE during a git clone operation. This repository contains the malicious hook used in the exploit. Overview For detailed instructions and an explanation of how the exploit works,...
jndi_tool
It is an exploit module/toolkit targeting JNDI vulnerabilities. The primary CVE ID is not explicitly mentioned, but the tool is designed to exploit JNDI-related vulnerabilities, including RCE Remote Code Execution and potential log4j RCE. The target product/service is JNDI, and the vulnerability...
Exploit for Out-of-bounds Read in Openssl
This repository contains a collection of tools and exploits for various vulnerabilities, including: A payload for the Apache Struts 2 vulnerability CVE-2017-5638 that allows remote code execution. A tool for exploiting the Heartbleed vulnerability CVE-2014-0160 in OpenSSL. A tool for exploiting t...
redteam-research
Collection of PoC and offensive techniques used by the BlackArrow Red Team...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Sophos Unified_Threat_Management_Software
SSHTron SSHTron is a multiplayer lightcycle game that runs through SSH. 通过下面命令连接到游戏: $ ssh 192.168.1.111:2022 Controls: WASD or vim keybindings to move do not use your arrow keys. Escape or Ctrl+C to exit. Want to choose color yourself? 有7种颜色可供选择: Red, Green, Yellow, Blue, Magenta, Cyan and White...
Exploit for Improper Access Control in Elasticsearch
欢迎各位大佬提BUG,当前版本 AssetScanV1.2 BUG 目前masscan存在bug,正在解决中 简介...
Exploit for Code Injection in Microsoft
somepocsuite 用于企业内部进行漏洞排查与验证的的pocsuite3验证POC代码(pocsuite3是知道创宇安全团队的开源漏洞测试框架)。 由于原Pocsuite已停止更新,因此将原来的POC代码全部重新改写并迁移到pocsuite3,原POC备份在PocsuiteV2中。 插件代码编写 使用pocsuite3 漏洞测试框架,插件编写请参考 pocsuite3 项目插件编写要求。 PoC 编写规范及要求说明 | 序号 | poc | 说明 | | ---- | --------------------------------------- |...
jexboss
This is a Python script for a tool called JexBoss, which is designed to exploit vulnerabilities in JBoss Application Server and other Java platforms. The script is written in Python 2.x and uses the urllib3 library for HTTP requests. The script has several modules, including exploits.py,...
Exploit for Race Condition in Canonical Ubuntu_Linux
内网渗透中的一些工具及项目资料 入侵与渗透是两个不同的概念,很多人喜欢混为一谈,简单来说,入侵是从信息收集到打点,渗透是横向移动,获取目标,稳固权限。本页是针对内网渗透中整理的一些工具以及项目资料,方便安全从业人员查阅. 此项目同步至:https://forum.ywhack.com/bountytips.php?pentest 目录 信息收集 漏洞利用 免杀系列 代理隧道 权限提升 权限维持 横向移动 技术资料 信息收集 2021.04.06 - https://github.com/shadow1ng/fscan - 一款内网扫描工具,方便一键大保健 推荐: | 编程语言: Gola...
Exploit for CVE-2020-2551
PoC exploit for CVE-2020-2551, a Python example targeting Weblogic RCE via IIOP. The target vulnerability is a remote code execution vulnerability in Oracle WebLogic Server. The exploit uses the GIOP General Inter-ORB Protocol and CORBA Common Object Request Broker Architecture to establish a...
Exploit for Improper Initialization in Docker
sectoolset -- Github安全相关工具集合 主要内容: 0x00 漏洞利用实战练习&CTF安全竞赛 0x01 安全扫描器 0x02 安全防守 0x03 渗透测试 0x04 漏洞库及利用工具(POC,EXP 0x05 二进制及代码分析工具 0x06 威胁情报&蜜罐 0x07 安全文档资料 0x11 所有内容 乌云镜像 乌云镜像 乌云镜像,河蟹 近期安全热点 Microsoft 365 Defender研究团队和威胁情报中心(MSTIC)的SolarWinds攻击分析文章 OpenSSL 拒绝式攻击严重漏洞CVE-2020-1971 安全论文:《Measuring and...
Exploit for Out-of-bounds Read in Openssl
This repository contains a collection of exploits and tools for various vulnerabilities, including CVE-2014-0160 Heartbleed, CVE-2014-6271 Shellshock, CVE-2017-5638 Apache Struts 2, and others. The repository includes Python scripts for exploiting these vulnerabilities, as well as documentation a...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...
Exploit for OS Command Injection in Webmin
It is an exploit module for CVE-2019-15107, a vulnerability in Webmin. The target product/service is Webmin, a web-based interface for system administration. The vulnerability class/vector is a remote command execution RCE vulnerability. The probable entry point is the "passwordchange.cgi" script...
Exploit for Use After Free in Microsoft
sectoolset -- Github安全相关工具集合 主要内容: 0x00 漏洞利用实战练习&CTF安全竞赛 0x01 安全扫描器 0x02 安全防守 0x03 渗透测试 0x04 漏洞库及利用工具(POC,EXP 0x05 二进制及代码分析工具 0x06 威胁情报&蜜罐 0x07 安全文档资料 0x11 所有内容 乌云镜像 乌云镜像 乌云镜像,河蟹 近期安全热点 CVE-2019-10173 Xstream 远程代码执行漏洞 Linux 内核报TCP SACK漏洞 CVE-2019-11477/78/79,请尽快处理 漏洞预警Weblogic最新反序列化远程命令执行漏洞绕过...
Exploit for Integer Overflow or Wraparound in F5 Nginx
PoC exploit for CVE-2017-7529, a vulnerability in the Apache HTTP Server. The target is the Apache HTTP Server, with the vulnerability class being a buffer overflow. The probable entry point is the CVE-2017-7529PoC.py script, which uses the requests library to send a GET request to the target...
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware
This is a Metasploit module targeting a command injection vulnerability in Hikvision web servers. The module is designed to exploit the vulnerability by sending malicious commands to the vulnerable server. The module is written in Python and uses the Metasploit framework to interact with the targ...
Exploit for Use After Free in Microsoft
sectoolset -- Github安全相关工具集合 主要内容: 0x00 漏洞利用实战练习&CTF安全竞赛 0x01 安全扫描器 0x02 安全防守 0x03 渗透测试 0x04 漏洞库及利用工具(POC,EXP 0x05 二进制及代码分析工具 0x06 威胁情报&蜜罐 0x07 安全文档资料 0x11 所有内容 乌云镜像 乌云镜像 乌云镜像,河蟹 近期安全热点 facebook又爆出大量数亿用户隐私数据泄露 CVE-2019-14378 QEMU VM Escape严重漏洞,影响KVM等QEMU为后端的虚拟平台 CVE-2019-10173 Xstream 远程代码执行漏洞...
Exploit for Race Condition in Canonical Ubuntu_Linux
《云原生安全:攻防实践与体系构建》资料仓库 本仓库提供了《云原生安全:攻防实践与体系构建》一书的补充材料和随书源码,供感兴趣的读者深入阅读、实践。 本仓库所有内容仅供教学、研究使用,严禁用于非法用途,违者后果自负! 相关链接:豆瓣 | 京东 | 当当 补充阅读资料 - 100云计算简介.pdf - 101代码安全.pdf - 200容器技术.pdf - 201容器编排.pdf - 202微服务.pdf - 203服务网格.pdf - 204DevOps.pdf - CVE-2017-1002101:突破隔离访问宿主机文件系统.pdf -...
Exploit for CVE-2020-1472
PoC exploit for CVE-2020-1472 ZeroLogon vulnerability. The target product/service is Windows Domain Controller DC. The vulnerability class/vector is authentication bypass via all-zero challenge. The probable entry point is the Netlogon service, which is accessed via the Impacket library. Notable...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat
PoC exploit for CVE-2017-12617, CVE-2017-12618, CVE-2017-12619, CVE-2017-12620, CVE-2017-12621, CVE-2017-12622, CVE-2017-12623, CVE-2017-12624, CVE-2017-12625, CVE-2017-12626, CVE-2017-12627, CVE-2017-12628, CVE-2017-12629, CVE-2017-12630, CVE-2017-12631, CVE-2017-12632, CVE-2017-12633,...
Exploit for CVE-2013-0422
K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...
Exploit for Out-of-bounds Write in Qemu
This repository contains PoCs Proof of Concepts for two vulnerabilities: CVE-2020-14364 Qemu and CVE-2020-1472 Zerologon. CVE-2020-14364 Qemu The Qemu PoC is a C code that exploits a vulnerability in the Qemu emulator. The code includes two files: exp1irq.c and exp2configread.c. These files appea...
Exploit for Improper Initialization in Docker
sectoolset -- Github安全相关工具集合 主要内容: 0x00 漏洞利用实战练习&CTF安全竞赛 0x01 安全扫描器 0x02 安全防守 0x03 渗透测试 0x04 漏洞库及利用工具(POC,EXP 0x05 二进制及代码分析工具 0x06 威胁情报&蜜罐 0x07 安全文档资料 0x11 所有内容 乌云镜像 乌云镜像 乌云镜像,河蟹 近期安全热点 Nmap 7.9发布,更新Npcap,大量指纹更新 Windows Server域控 Netlogon特权提升漏洞 CVE-2020-1472 暗网中网络安全行业暴露状况研究 五眼联盟国家网络安全技术指导书...
Exploit for Code Injection in Microsoft
somepocsuite 用于企业内部进行漏洞排查与验证的的pocsuite3验证POC代码(pocsuite3是知道创宇安全团队的开源漏洞测试框架)。 由于原Pocsuite已停止更新,因此将原来的POC代码全部重新改写并迁移到pocsuite3,原POC备份在PocsuiteV2中。 插件代码编写 使用pocsuite3 漏洞测试框架,插件编写请参考 pocsuite3 项目插件编写要求。 PoC 编写规范及要求说明 | 序号 | poc | 说明 | | ---- | --------------------------------------- |...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for testing and training purposes. The primary CVE ID is not specified, but the repository contains various vulnerable environments based on Docker-Compose, including ones for Flask, Apache, and...
Exploit for Path Traversal in Mikrotik Routeros
Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介...
Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform
PoC exploit for CVE-2017-12149, an arbitrary file upload vulnerability in JBoss Application Server. The exploit module targets the JBoss Application Server, specifically the CVE-2017-12149 vulnerability, which allows for arbitrary file uploads. The module is designed to exploit this vulnerability...
Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform
PenetrationTestingPOCWithPython - IOT Device - Web APP - 提权辅助相关 - PC - tools - books - 说明 PenetrationTestingPOCWithPython 搜集有关渗透测试中用python编写的POC、脚本 请使用搜索查找 IOT Device - 天翼创维awifi路由器存在多处未授权访问漏洞 - 华为WS331a产品管理页面存在CSRF漏洞 - CVE-2019-16313 蜂网互联企业级路由器v4.31密码泄露漏洞 - D-Link路由器RCE漏洞 -...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat
PoC exploit for CVE-2017-12617, CVE-2017-12618, CVE-2017-12619, CVE-2017-12620, CVE-2017-12621, CVE-2017-12622, CVE-2017-12623, CVE-2017-12624, CVE-2017-12625, CVE-2017-12626, CVE-2017-12627, CVE-2017-12628, CVE-2017-12629, CVE-2017-12630, CVE-2017-12631, CVE-2017-12632, CVE-2017-12633,...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This is an open-source collection of vulnerable web applications and environments for security testing and education. The repository is maintained by phith0n and is available on GitHub. It contains a variety of vulnerable applications, including web servers, databases, and other systems, to help...
Exploit for Cross-site Scripting in Squid-Cache Squid
CVE-2018-19131 is a proof-of-concept exploit for a vulnerability in Squid, a caching and proxy server. The exploit is built using a Docker Compose application and is designed to demonstrate the vulnerability. The vulnerability is in the Squid version 3.5.27, which is the version used in the...
Exploit for Generation of Error Message Containing Sensitive Information in Postgresql
PoC exploit for CVE-2021-3393. The target product/service or framework is Apache Commons BeanUtils. The vulnerability class/vector is a deserialization vulnerability. The probable entry points are the BasicDynaBean class. The notable dependency/tooling is Apache Commons BeanUtils. The execution...
Exploit for CVE-2020-1472
介绍 参考很多师傅写的关于CS的脚本,内容有横向移动、密码抓取、权限提升、权限维持等,尽可能将内网渗透中常用到的东西整理一下方便使用 更新日志 2021.7.7 更新CVE-2021-1675只测试了本地提权,其他的待测 参考于 https://github.com/cube0x0/CVE-2021-1675 2021.7.26 更新CVE-2021-1675-36934,参考与 https://github.com/cube0x0/CVE-2021-36934 2021.8.14 更新ZeroLogonCVE-2020-1472,参考...
Exploit for CVE-2020-1472
This repository is a proof-of-concept PoC exploit for CVE-2020-1472, a vulnerability in the Windows Netlogon service. The exploit requires the latest version of Impacket from GitHub, with added Netlogon structures. The PoC is designed to authenticate with an all-zero challenge and credential to t...
Exploit for CVE-2020-2551
CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...
wifi-arsenal
This repository is an offensive tool for WiFi attacks. It is a collection of tools and scripts for various WiFi attacks, including denial of service, encryption attacks, WEP/WPA/WPA2 attacks, WPS attacks, and others. The repository includes tools for injection, rogue AP/fake AP/MITM, sniffing,...
Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This is a PoC exploit for CVE-2021-44228, a remote code execution vulnerability in Apache Log4j2. The repository contains a Java application that demonstrates the exploitation of this vulnerability. The application is built using Maven and includes various marshalling libraries that allow for...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4j2-CVE-2021-44228 介绍 Log4J的漏洞复现 软件架构 软件架构说明 安装教程 1. git clone https://gitee.com/demonbhao/log4j2-cve-2021-44228.git 2. 安装JDK1.8.0以下版本 3. 安装maven,打包需要 使用说明 1. 编写你的poc代码块 2. 编译Exploit.java javac Exploit.java 形成Exploit.class 3. 开启LDAP协议 4.开启http服务器,用python简单开启,注意要和被访问的端口一致...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
PoC exploit for CVE-2021-44228, a vulnerability in the Log4j Java library. The target product/service is Log4j, a Java logging library, and the vulnerability class/vector is a Remote Code Execution RCE vulnerability. The probable entry point is the "sendDetectionRequest" function in the...
Exploit for CVE-2020-1472
CVE-2020-1472 is a vulnerability in the Windows Netlogon service that allows an unauthenticated attacker to set the password of the Domain Controller account to an empty string NT hash=31d6cfe0d16ae931b73c59d7e0c089c0. This vulnerability is also known as the "Zerologon" vulnerability. The exploit...
Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This is a Java project for a web application that uses the Log4j library. The project is a practice environment for testing and learning about the Log4j vulnerability CVE-2021-44228. The project includes a Maven project settings file, a Java class file, and a Log4j configuration file. The Log4j...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
It is an offensive tool for Log4j RCE CVE-2021-44228 vulnerability scanning. The primary CVE ID is CVE-2021-44228. The target product/service is Apache Log4j. The vulnerability class/vector is RCE Remote Code Execution. The probable entry points are scripts/modules such as log4j-scan.py. Notable...
Hack-Tools
This is an offensive tool for Web Pentesters. It is a browser extension that facilitates web application penetration tests, providing cheat sheets and tools such as XSS payloads, reverse shells, and more. The extension is accessible in either popup mode or a whole tab in the Devtools part of the...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat
PoC exploit for CVE-2017-12617, CVE-2017-12618, CVE-2017-12619, CVE-2017-12620, CVE-2017-12621, CVE-2017-12622, CVE-2017-12623, CVE-2017-12624, CVE-2017-12625, CVE-2017-12626, CVE-2017-12627, CVE-2017-12628, CVE-2017-12629, CVE-2017-12630, CVE-2017-12631, CVE-2017-12632, CVE-2017-12633,...